<?php
include ("header.php");
if (isset ( $_SESSION ['editInfo'] )) {
	$id = $_SESSION ['id'];
	$firstName = mysql_real_escape_string ( $_POST ["first_name"] );
	$lastName = mysql_real_escape_string ( $_POST ["last_name"] );
	$areaCode = mysql_real_escape_string ( $_POST ["phone_num1"] );
	$prefix = mysql_real_escape_string ( $_POST ["phone_num2"] );
	$lineNumber = mysql_real_escape_string ( $_POST ["phone_num3"] );
	$streetAddress = mysql_real_escape_string ( $_POST ["street_address"] );
	$street2 = mysql_real_escape_string ( $_POST ["line2"] );
	$city = mysql_real_escape_string ( $_POST ["city"] );
	//$state = mysql_real_escape_string ( $_POST ["state"] );
	$zip = mysql_real_escape_string ( $_POST ["zipcode"] );
	$email = mysql_real_escape_string ( $_POST ["email"] );
	//$website = mysql_real_escape_string ( $_POST ["webSite"] );
	$category = mysql_real_escape_string ( $_POST ["category"] );
	$times = mysql_real_escape_string ( $_POST ["times"] );
	$treeInfo = mysql_real_escape_string ( $_POST ["tree_info"] );
	$additional = mysql_real_escape_string ( $_POST ["add_info"] );
	//$userName = $_SESSION ['username'];
	$password = mysql_real_escape_string ( $_POST ["password"] );
	$delete = mysql_real_escape_string ( $_POST ["delete"] );
	
	$query = "SELECT * FROM `pickups2` WHERE `idpickup` = '$id' AND `password` = '$password'";
	$result = mysql_query ( $query, $connection );
	$row = mysql_fetch_array ( $result );
	
	if ($result != false) {
		if (mysql_num_rows ( $result ) == 0) { //no matching records found
			$query = "SELECT * FROM `pickups2` WHERE `idpickup` = '$id'";
			$result = mysql_query ( $query, $connection );
			
			if ($result != false) {
				//echo " 2nd .query returns true";
				if (mysql_num_rows ( $result ) >= 1) { //record matching address found
					$_SESSION ['error'] = <<<END
					<div class="form_description" align = center>
					<h2>Inncorect Password</h2>
                    <p>Make sure your password is correct and please try again </p>
					</div>
END;
				
				} else {
					$_SESSION ['error'] = <<<END
					<div class="form_description" align = center>
					<h2>No Record Found</h2>
                    <p>Shouldn't be here</p>
					</div>
END;
				}
			
			} else
				$_SESSION ['error'] = <<<END
					<div class="form_description" align = center>
					<h2>Unable to access data at this time</h2>
                    <p>Please try again later. </p>
					</div>
END;
		} else if (mysql_num_rows ( $result ) > 0) {
			if (!$delete) {
				$address = $streetAddress . " " . $street2 . " " . $zip;
				$geocodeAddress = preg_replace ( '/\s+/', '+', $address );
				$geocode = geocode ( $geocodeAddress );
				$lat = $geocode ["lat"];
				$lng = $geocode ["lng"];
				
				$query = <<<END
UPDATE `pickups2` 
	SET 
	`first_name`='$firstName',
	`last_name`='$lastName', 
	`area_code`='$areaCode', 
	`phone_num`='$prefix', 
	`pnone_num2`='$lineNumber', 
	`street_address`='$streetAddress', 
	`second_line`='$street2', 
	`city`='$city', 
	`zipcode`='$zip', 
	`email`='$email',
	`times` = '$times,
	`tree_info`='$treeInfo', 
	`additionalInfo`='$additional',
	`lat` = '$lat',
	`lng` = '$lng',
	`category` = '$category'
	WHERE `idpickup`='$id';
END;
			} else {
				$query = "DELETE FROM `hestia`.`pickups2` WHERE `idpickup`='$id'";
			}
			
			$result = mysql_query ( $query, $connection );
			if (! $result) {
				$_SESSION ['error'] = <<<END
					<div class="form_description" align = center>
					<h2>Unable to access data at this time</h2>
                    <p>Please try again later. </p>
					</div>
END;
			} else {
				if ($delete) {
					$_SESSION ['error'] = <<<END
					<div class="form_description" align = center>
					<h2>Information Deleted.</h2>
                    <p>Thank you.</p>
					</div>
END;
				
				} else {
					$_SESSION ['error'] = <<<END
					<div class="form_description" align = center>
					<h2>Update Successful.</h2>
                    <p>Thank you.</p>
					</div>
END;
				
				}
				$_SESSION ['modified'] = true;
				$_SESSION ['success'] = true;
			}
		
		}
	
	} else
		$_SESSION ['error'] = <<<END
							<div class="form_description" align = center>
							<h2>Unable to access data at this time</h2>
		                    <p>Please try again later. </p>
							</div>
END;

} else {
	$streetAddress = mysql_real_escape_string ( $_POST ["streetAdd"] );
	$street2 = mysql_real_escape_string ( $_POST ["add2"] );
	$city = mysql_real_escape_string ( $_POST ["city"] );
	$zip = mysql_real_escape_string ( $_POST ["zip"] );
	$password = mysql_real_escape_string ( $_POST ["password"] );
	
	$query = "SELECT * FROM `pickups2` WHERE `street_address` = '$streetAddress' AND 
	`second_line` = '$street2' AND `city` = '$city' AND `zipcode` = '$zip'
	 AND `password` = '$password' ";
	
	$result = mysql_query ( $query, $connection );
	
	if ($result != false) {
		echo " query returns true ";
		echo mysql_num_rows ( $result );
		if (mysql_num_rows ( $result ) == 0) { //no matching records found
			$query = "SELECT * FROM `pickups2` WHERE `street_address` = '$streetAddress' AND 
					`second_line` = '$street2' AND `city` = '$city' AND `zipcode` = '$zip'";
			$result = mysql_query ( $query, $connection );
			
			if ($result != false) {
				echo " 2nd query returns true";
				if (mysql_num_rows ( $result ) >= 1) { //record matching address found
					$_SESSION ['error'] = <<<END
					<div class="form_description" align = center>
					<h2>Inncorect Password</h2>
                    <p>Make sure your password is correct and please try again </p>
					</div>
END;
				
				} else {
					$_SESSION ['error'] = <<<END
					<div class="form_description" align = center>
					<h2>No Record Found</h2>
                    <p>Make sure your address is correct and please try again </p>
					</div>
END;
				}
			
			} else
				$_SESSION ['error'] = <<<END
					<div class="form_description" align = center>
					<h2>Unable to access data at this time</h2>
                    <p>Please try again later. </p>
					</div>
END;
		} else if (mysql_num_rows ( $result ) > 0) {
			$row = mysql_fetch_array ( $result );
			$_SESSION ['id'] = $row [0];
			$_SESSION ['firstName'] = $row [1];
			$_SESSION ['lastName'] = $row [2];
			$_SESSION ['areaCode'] = $row [3];
			$_SESSION ['phoneNum'] = $row [4];
			$_SESSION ['phoneNum2'] = $row [5];
			$_SESSION ['street'] = $row [6];
			$_SESSION ['street2'] = $row [7];
			$_SESSION ['city'] = $row [8];
			$_SESSION ['zipcode'] = $row [9];
			$_SESSION ['email'] = $row [10];
			$_SESSION ['times'] = $row [11];
			$_SESSION ['food_info'] = $row [12];
			$_SESSION ['addInfo'] = $row [14];
			$_SESSION ['category'] = $row [18];
			$_SESSION ['editInfo'] = true;
		
		}
	
	} else
		$_SESSION ['error'] = <<<END
							<div class="form_description" align = center>
							<h2>Unable to access data at this time</h2>
		                    <p>Please try again later. </p>
							</div>
END;

}
header ( 'Location: edit_info.php' );
include ("footer.php");
?>